DUKPT encryption methods were developed to improve the security of financial account access data transmitted between a transaction site and a financial account authorization site. They are typically used in devices where a personal identification number (PIN) or other account access data are transmitted from one location to another to obtain access to a financial account. For example, PIN pads at checkout stations permit a user to enter a PIN through a 10-key pad, and that number is encrypted along with account data read from a magnetic stripe of a debit card. The encrypted financial account data and PIN are used to query the database of a financial institution to obtain authorization to charge a consumer's financial account for a pending transaction amount.
The encryption of the PIN and financial account data is performed by the key pad device or other payment terminal using a Derived Unique Key Per Transaction (DUKPT) method as defined by ANSI X9.24. To encrypt a PIN using this method, a DUKPT injection system must have a Base Derivation Key (BDK) and a Key Serial Number (KSN). The KSN is a unique value and is different for each payment terminal injected. The BDK is a 128-bit key that is used to encrypt the KSN, the result of which is combined with the KSN and injected into the payment terminal at the time of its manufacture. The terminal is constructed so that an attempt to compromise the security of the payment terminal causes the memory where the DUKPT encryption keys are stored to destruct. In this manner, unauthorized access to DUKPT encryption keys through dismantling of a payment terminal, PIN pad, or the like is denied.
During manufacture of the payment terminal or PIN pad, the BDK is used to encrypt data that is injected by a DUKPT injection system into the memory of the DUKPT encrypting unit. A bank or other financial institution clearinghouse generates the BDKs for DUKPT encryption unit manufacturers or injection facilities. A BDK is typically separated into three segments for a 128-bit key. The key segments are separated and sent to key custodians located at a facility certified for DUKPT key injection. To assemble the key for insertion into encryption units, each custodian takes the segment of the key that he or she received and enters a secured access room in which a computer, such as a personal computer, and a Tamper Resistant Security Module (TRSM) are located. Each custodian enters the room, one at a time, to enter the digits of the BDK segment provided to the custodian. The computer does not display the segments of the BDK, so none of the custodians is able to view the BDK in its entirety. A checksum may be provided with the BDK segments to verify entry of the segments. This process is described in Appendix C of ANSI X9.24-1998. After the BDK segments have been correctly entered into the computer, the computer assembles the BDK and stores it in the TRSM. The computer may then destroy the BDK so that the only remaining copy at the certified facility is within the TRSM. Thereafter, the TRSM uses the BDK to encrypt a unique KSN to generate an Initial PIN Pad Key (IPPK). The IPPK and KSN are injected into the memory of DUKPT encryption devices before they are sealed at the certified facility and shipped for incorporation into a checkout station, automated teller machine, or the like.
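The custodian entry and assembly step described above can be sketched as follows. This is an added example, not code from the original text or from ANSI X9.24. It assumes the three segments are full-length components combined by XOR (the text does not say how segments are combined), and it uses a truncated SHA-256 as a stand-in for the checksum; all function names and sample values are hypothetical.

```python
import hashlib
import hmac

KEY_LEN = 16  # the page's 128-bit BDK

def check_value(data) -> str:
    # Stand-in checksum (assumption): first 3 bytes of SHA-256 as hex.
    # Production ceremonies normally use a TDES key check value instead.
    return hashlib.sha256(bytes(data)).hexdigest()[:6].upper()

def enter_component(hex_digits: str, expected: str) -> bytearray:
    """One custodian's entry: parse, length-check, verify; never echoed."""
    try:
        raw = bytearray.fromhex(hex_digits)
    except ValueError:
        raise ValueError("component is not valid hex") from None
    if len(raw) != KEY_LEN:
        raise ValueError("component has the wrong length")
    if not hmac.compare_digest(check_value(raw), expected.upper()):
        raise ValueError("component checksum mismatch, re-enter")
    return raw

def assemble_bdk(entries, bdk_check: str) -> bytearray:
    """XOR verified components into the BDK, wiping each one as it is used."""
    bdk = bytearray(KEY_LEN)
    for hex_digits, expected in entries:
        comp = enter_component(hex_digits, expected)
        for i in range(KEY_LEN):
            bdk[i] ^= comp[i]
            comp[i] = 0  # best-effort wipe; Python cannot guarantee erasure
    if not hmac.compare_digest(check_value(bdk), bdk_check.upper()):
        bdk[:] = bytes(KEY_LEN)
        raise ValueError("assembled key checksum mismatch")
    return bdk  # caller hands this to the secure module, then wipes it

def demo():
    # Constructed components, not real key material.
    parts = ["11" * 16, "22" * 16, "44" * 16]
    entries = [(p, check_value(bytes.fromhex(p))) for p in parts]
    bdk = assemble_bdk(entries, check_value(bytes([0x77] * 16)))
    # A single mistyped digit by one custodian is caught before assembly.
    typo = [("10" + "11" * 15, entries[0][1])] + entries[1:]
    try:
        assemble_bdk(typo, check_value(bdk))
        rejected = False
    except ValueError:
        rejected = True
    return bdk.hex().upper(), rejected

if __name__ == "__main__":
    print(demo())
```

With XOR components, no single custodian's value reveals any bit of the assembled key, which is not true of segments that are simply concatenated.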
TRSM machines are expensive and only provide a single function, namely, the storage and injection of a BDK. Their design and operational data remain proprietary with the TRSM vendor, so only the vendor is able to perform maintenance on a TRSM. Furthermore, the TRSM devices must be securely stored during periods when the manufacturing line is not operating or the injection of PINs is not required, and the secure storage facility must house the entire machine.
What is needed is a way of securing BDKs for use in generating keys for injection in DUKPT units without requiring the expense and maintenance of TRSM units.
What is needed is a way of reducing the amount of equipment required for storing BDKs so they may be used to inject keys into a DUKPT encryption unit.